On Mon, Dec 02, 2002 at 11:40:47AM -0500, Ben Falls wrote:
> I am attempting to set up LDAP authentication on a LINUX box, the LDAP
> server is already set up and being used for Windows logins. I have gotten
> the LINUX (RH 7.3) config so that it does connect to the LDAP server,
> however, I still have a couple of issues.
>
> 1) It seems that I must have a local account on the LINUX box that matches
> the LDAP account name. Is this normal?

No, it is not. Typically you would also use nss_ldap to allow the system to
retrieve information about users and groups directly from the directory, and
skip having local accounts altogether.

To do so, add "ldap" to the "passwd:", "group:", and "shadow:" lines in
/etc/nsswitch.conf, or (since you mention you're using RHL) enable "Use LDAP"
in the "User Information Configuration" screen in authconfig.

> 2) When I do connect, it does authenticate to LDAP, however if I change my
> password at the command prompt, it changes it in the OS not in LDAP (except
> for the very first login). At that point I can login using either my LDAP
> or system password. Any ideas what I am doing wrong?

The default configuration of RHL isn't intended to do password
synchronization between local files and a directory -- generally you read
information about a given user from one source (files, NIS, hesiod, LDAP)
and authenticate that user using one data source (files/NIS, LDAP,
Kerberos).

You can mix user information sources and authentication methods (for
example, NIS with Kerberos, Hesiod with Kerberos, LDAP with Kerberos, LDAP
with LDAP, even NIS with LDAP, but I wouldn't expect that last setup to be
common).

HTH,

Nalin

_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
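
A small audit of the two conditions discussed in the reply above, as an added example that is not part of the original thread: it reports which of the passwd, group and shadow databases lack "ldap" in an nsswitch.conf file, and whether an account still has an entry in a local passwd file. File paths are passed as arguments; the sample files and the user names jdoe and alice are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Print the source list that nsswitch.conf ($1) gives for one database ($2),
# with comments stripped and whitespace collapsed to single spaces.
nss_sources() {
    sed -n -e 's/#.*//' -e "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        head -n 1 | tr -s '[:space:]' ' '
}

# Print the databases among passwd/group/shadow that do not list "ldap".
nss_missing_ldap() {
    missing=""
    for db in passwd group shadow; do
        case " $(nss_sources "$1" "$db") " in
            *" ldap "*) ;;
            *) missing="${missing:+$missing }$db" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Succeed if user $2 has an entry in the local passwd file $1.
has_local_account() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# Constructed sample files (hypothetical users), so the demo runs offline.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'passwd: files ldap\ngroup:\tfiles ldap # comment\nshadow: files\n' > "$dir/nsswitch.conf"
    printf 'root:x:0:0:root:/root:/bin/bash\njdoe:x:500:500::/home/jdoe:/bin/bash\n' > "$dir/passwd"
    echo "databases without ldap: $(nss_missing_ldap "$dir/nsswitch.conf")"
    for u in jdoe alice; do
        if has_local_account "$dir/passwd" "$u"; then
            echo "$u: local entry present (files is listed before ldap here)"
        else
            echo "$u: no local entry, left to the later sources"
        fi
    done
    rm -rf "$dir"
}

# Run the demo only when asked, e.g. "sh check.sh demo".
if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real host, call the functions with /etc/nsswitch.conf and /etc/passwd instead of the constructed files.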